General Security Governance
- Certification - ISO 27001 and ISO 9001.
- Have an Information Security Officer who is formally chartered with the responsibility for information security.
- Security Program is audited by an independent third party periodically.
- Periodical penetration tests on all systems are performed by third party periodically.
- Securities of vendors and/or sub-contractors are accessed.
- Incident response procedure is in place.
- Background checks of employees before joining.
- Regular staff training on current security system and best practices.
Physical & Environmental
- 24x7 Surveillance CCTV systems are installed & only CEO & COO and any other person authorized by CEO having access to the CCTV System.
- 24x7 Security Guards at entry & exit gate.
- Screening of visitors/employees by a security guard during entry and exit for data storage media like CD’s, USB drives etc.
- USB drives and CD's are banned from work-floor.
- Entry & Exit Registers
- Physical Login Register
- Biometrics Time Attendant Systems
- System for Physical Security breaches and conditions under which such breaches are notified to clients
- 100% Power Backup
- Proper monitoring systems for power supply, HVAC, temperature & other environmental controls in place
- Full fledged Fire Control Systems in place
- Configuration Guidelines for Network Equipment’s in place.
- Firewalls in place.
- Firewall Analyzer in place.
- Use of secured line (128 bit SSL) to access and transmit data (images) from servers.
- Segmented LAN with firewall protection.
- All ports except DNS and SMTP servers are disabled from the external world.
- Latest Windows Operating System & kept them updated through updates and security patches.
- Antivirus in place.
- Login Records maintained.
- Real time backup of all data done regularly either in client’s server farms or our data servers depending on client choice.
(II) Computers/ Laptops
- Latest Windows Operating System & keep them updated through updates and security patches.
- Antivirus in place.
- Client Login Records maintained.
- Access to source documents is restricted to authorized employees only.
- No fax and printing capabilities at the processing site.
- PCs used for processing do not have CD ROM drives.
- PCs used in processing are denied web access.
- Limited usage of paper on the work-floor.